Use keystone.common.provider_api for oauth APIs
This change converts the usage of self.<provider_api> to keystone.common.providers_api.ProviderAPIs.<provider_api> in manager and controller logic. This is the correct way to reference providers from other managers and controllers now that dependency injection has been eliminated. Change-Id: I4e30070111ba1d8ae1653a764fdeed949e536830
This commit is contained in:
parent
1e21c52f3b
commit
e679ec1aaf
|
@ -22,6 +22,7 @@ from six.moves.urllib import parse as urlparse
|
|||
|
||||
from keystone.common import authorization
|
||||
from keystone.common import controller
|
||||
from keystone.common import provider_api
|
||||
from keystone.common import validation
|
||||
from keystone.common import wsgi
|
||||
import keystone.conf
|
||||
|
@ -35,6 +36,7 @@ from keystone.oauth1 import validator
|
|||
|
||||
CONF = keystone.conf.CONF
|
||||
LOG = log.getLogger(__name__)
|
||||
PROVIDERS = provider_api.ProviderAPIs
|
||||
|
||||
|
||||
def _emit_user_oauth_consumer_token_invalidate(payload):
|
||||
|
@ -64,7 +66,7 @@ class ConsumerCrudV3(controller.V3Controller):
|
|||
def create_consumer(self, request, consumer):
|
||||
validation.lazy_validate(schema.consumer_create, consumer)
|
||||
ref = self._assign_unique_id(self._normalize_dict(consumer))
|
||||
consumer_ref = self.oauth_api.create_consumer(
|
||||
consumer_ref = PROVIDERS.oauth_api.create_consumer(
|
||||
ref, initiator=request.audit_initiator
|
||||
)
|
||||
return ConsumerCrudV3.wrap_member(request.context_dict, consumer_ref)
|
||||
|
@ -74,19 +76,19 @@ class ConsumerCrudV3(controller.V3Controller):
|
|||
validation.lazy_validate(schema.consumer_update, consumer)
|
||||
self._require_matching_id(consumer_id, consumer)
|
||||
ref = self._normalize_dict(consumer)
|
||||
ref = self.oauth_api.update_consumer(
|
||||
ref = PROVIDERS.oauth_api.update_consumer(
|
||||
consumer_id, ref, initiator=request.audit_initiator
|
||||
)
|
||||
return ConsumerCrudV3.wrap_member(request.context_dict, ref)
|
||||
|
||||
@controller.protected()
|
||||
def list_consumers(self, request):
|
||||
ref = self.oauth_api.list_consumers()
|
||||
ref = PROVIDERS.oauth_api.list_consumers()
|
||||
return ConsumerCrudV3.wrap_collection(request.context_dict, ref)
|
||||
|
||||
@controller.protected()
|
||||
def get_consumer(self, request, consumer_id):
|
||||
ref = self.oauth_api.get_consumer(consumer_id)
|
||||
ref = PROVIDERS.oauth_api.get_consumer(consumer_id)
|
||||
return ConsumerCrudV3.wrap_member(request.context_dict, ref)
|
||||
|
||||
@controller.protected()
|
||||
|
@ -95,7 +97,7 @@ class ConsumerCrudV3(controller.V3Controller):
|
|||
payload = {'user_id': user_token_ref.user_id,
|
||||
'consumer_id': consumer_id}
|
||||
_emit_user_oauth_consumer_token_invalidate(payload)
|
||||
self.oauth_api.delete_consumer(
|
||||
PROVIDERS.oauth_api.delete_consumer(
|
||||
consumer_id, initiator=request.audit_initiator
|
||||
)
|
||||
|
||||
|
@ -115,7 +117,7 @@ class AccessTokenCrudV3(controller.V3Controller):
|
|||
|
||||
@controller.protected()
|
||||
def get_access_token(self, request, user_id, access_token_id):
|
||||
access_token = self.oauth_api.get_access_token(access_token_id)
|
||||
access_token = PROVIDERS.oauth_api.get_access_token(access_token_id)
|
||||
if access_token['authorizing_user_id'] != user_id:
|
||||
raise exception.NotFound()
|
||||
access_token = self._format_token_entity(request.context_dict,
|
||||
|
@ -129,7 +131,7 @@ class AccessTokenCrudV3(controller.V3Controller):
|
|||
raise exception.Forbidden(
|
||||
_('Cannot list request tokens'
|
||||
' with a token issued via delegation.'))
|
||||
refs = self.oauth_api.list_access_tokens(user_id)
|
||||
refs = PROVIDERS.oauth_api.list_access_tokens(user_id)
|
||||
formatted_refs = ([self._format_token_entity(request.context_dict, x)
|
||||
for x in refs])
|
||||
return AccessTokenCrudV3.wrap_collection(request.context_dict,
|
||||
|
@ -137,11 +139,11 @@ class AccessTokenCrudV3(controller.V3Controller):
|
|||
|
||||
@controller.protected()
|
||||
def delete_access_token(self, request, user_id, access_token_id):
|
||||
access_token = self.oauth_api.get_access_token(access_token_id)
|
||||
access_token = PROVIDERS.oauth_api.get_access_token(access_token_id)
|
||||
consumer_id = access_token['consumer_id']
|
||||
payload = {'user_id': user_id, 'consumer_id': consumer_id}
|
||||
_emit_user_oauth_consumer_token_invalidate(payload)
|
||||
return self.oauth_api.delete_access_token(
|
||||
return PROVIDERS.oauth_api.delete_access_token(
|
||||
user_id, access_token_id, initiator=request.audit_initiator
|
||||
)
|
||||
|
||||
|
@ -175,7 +177,7 @@ class AccessTokenRolesV3(controller.V3Controller):
|
|||
|
||||
@controller.protected()
|
||||
def list_access_token_roles(self, request, user_id, access_token_id):
|
||||
access_token = self.oauth_api.get_access_token(access_token_id)
|
||||
access_token = PROVIDERS.oauth_api.get_access_token(access_token_id)
|
||||
if access_token['authorizing_user_id'] != user_id:
|
||||
raise exception.NotFound()
|
||||
authed_role_ids = access_token['role_ids']
|
||||
|
@ -186,7 +188,7 @@ class AccessTokenRolesV3(controller.V3Controller):
|
|||
@controller.protected()
|
||||
def get_access_token_role(self, request, user_id,
|
||||
access_token_id, role_id):
|
||||
access_token = self.oauth_api.get_access_token(access_token_id)
|
||||
access_token = PROVIDERS.oauth_api.get_access_token(access_token_id)
|
||||
if access_token['authorizing_user_id'] != user_id:
|
||||
raise exception.Unauthorized(_('User IDs do not match'))
|
||||
authed_role_ids = access_token['role_ids']
|
||||
|
@ -199,7 +201,7 @@ class AccessTokenRolesV3(controller.V3Controller):
|
|||
raise exception.RoleNotFound(role_id=role_id)
|
||||
|
||||
def _format_role_entity(self, role_id):
|
||||
role = self.role_api.get_role(role_id)
|
||||
role = PROVIDERS.role_api.get_role(role_id)
|
||||
formatted_entity = role.copy()
|
||||
if 'description' in role:
|
||||
formatted_entity.pop('description')
|
||||
|
@ -234,8 +236,8 @@ class OAuthControllerV3(controller.V3Controller):
|
|||
attribute='Requested-Project-Id', target='request')
|
||||
|
||||
# NOTE(stevemar): Ensure consumer and requested project exist
|
||||
self.resource_api.get_project(requested_project_id)
|
||||
self.oauth_api.get_consumer(consumer_id)
|
||||
PROVIDERS.resource_api.get_project(requested_project_id)
|
||||
PROVIDERS.oauth_api.get_consumer(consumer_id)
|
||||
|
||||
url = self._update_url_scheme(request)
|
||||
req_headers = {'Requested-Project-Id': requested_project_id}
|
||||
|
@ -254,7 +256,7 @@ class OAuthControllerV3(controller.V3Controller):
|
|||
# show the details of the failure.
|
||||
oauth1.validate_oauth_params(b)
|
||||
request_token_duration = CONF.oauth1.request_token_duration
|
||||
token_ref = self.oauth_api.create_request_token(
|
||||
token_ref = PROVIDERS.oauth_api.create_request_token(
|
||||
consumer_id,
|
||||
requested_project_id,
|
||||
request_token_duration,
|
||||
|
@ -293,7 +295,7 @@ class OAuthControllerV3(controller.V3Controller):
|
|||
raise exception.ValidationError(
|
||||
attribute='oauth_verifier', target='request')
|
||||
|
||||
req_token = self.oauth_api.get_request_token(
|
||||
req_token = PROVIDERS.oauth_api.get_request_token(
|
||||
request_token_id)
|
||||
|
||||
expires_at = req_token['expires_at']
|
||||
|
@ -319,7 +321,7 @@ class OAuthControllerV3(controller.V3Controller):
|
|||
# does not yet support dummy client or dummy request token,
|
||||
# so we will raise Unauthorized exception instead.
|
||||
try:
|
||||
self.oauth_api.get_consumer(consumer_id)
|
||||
PROVIDERS.oauth_api.get_consumer(consumer_id)
|
||||
except exception.NotFound:
|
||||
msg = _('Provided consumer does not exist.')
|
||||
LOG.warning(msg)
|
||||
|
@ -345,7 +347,7 @@ class OAuthControllerV3(controller.V3Controller):
|
|||
raise exception.Unauthorized(message=msg)
|
||||
|
||||
access_token_duration = CONF.oauth1.access_token_duration
|
||||
token_ref = self.oauth_api.create_access_token(
|
||||
token_ref = PROVIDERS.oauth_api.create_access_token(
|
||||
request_token_id,
|
||||
access_token_duration,
|
||||
initiator=request.audit_initiator
|
||||
|
@ -382,7 +384,7 @@ class OAuthControllerV3(controller.V3Controller):
|
|||
_('Cannot authorize a request token'
|
||||
' with a token issued via delegation.'))
|
||||
|
||||
req_token = self.oauth_api.get_request_token(request_token_id)
|
||||
req_token = PROVIDERS.oauth_api.get_request_token(request_token_id)
|
||||
|
||||
expires_at = req_token['expires_at']
|
||||
if expires_at:
|
||||
|
@ -401,7 +403,7 @@ class OAuthControllerV3(controller.V3Controller):
|
|||
user_token = authorization.get_token_ref(request.context_dict)
|
||||
user_id = user_token.user_id
|
||||
project_id = req_token['requested_project_id']
|
||||
user_roles = self.assignment_api.get_roles_for_user_and_project(
|
||||
user_roles = PROVIDERS.assignment_api.get_roles_for_user_and_project(
|
||||
user_id, project_id)
|
||||
cred_set = set(user_roles)
|
||||
|
||||
|
@ -413,7 +415,7 @@ class OAuthControllerV3(controller.V3Controller):
|
|||
role_ids = list(authed_roles)
|
||||
|
||||
# finally authorize the token
|
||||
authed_token = self.oauth_api.authorize_request_token(
|
||||
authed_token = PROVIDERS.oauth_api.authorize_request_token(
|
||||
request_token_id, user_id, role_ids)
|
||||
|
||||
to_return = {'token': {'oauth_verifier': authed_token['verifier']}}
|
||||
|
|
|
@ -23,6 +23,7 @@ from keystone.oauth1 import core as oauth1
|
|||
|
||||
|
||||
METHOD_NAME = 'oauth_validator'
|
||||
PROVIDERS = provider_api.ProviderAPIs
|
||||
|
||||
|
||||
class OAuthValidator(provider_api.ProviderAPIMixin, oauth1.RequestValidator):
|
||||
|
@ -60,15 +61,15 @@ class OAuthValidator(provider_api.ProviderAPIMixin, oauth1.RequestValidator):
|
|||
len(verifier) == 8)
|
||||
|
||||
def get_client_secret(self, client_key, request):
|
||||
client = self.oauth_api.get_consumer_with_secret(client_key)
|
||||
client = PROVIDERS.oauth_api.get_consumer_with_secret(client_key)
|
||||
return client['secret']
|
||||
|
||||
def get_request_token_secret(self, client_key, token, request):
|
||||
token_ref = self.oauth_api.get_request_token(token)
|
||||
token_ref = PROVIDERS.oauth_api.get_request_token(token)
|
||||
return token_ref['request_secret']
|
||||
|
||||
def get_access_token_secret(self, client_key, token, request):
|
||||
access_token = self.oauth_api.get_access_token(token)
|
||||
access_token = PROVIDERS.oauth_api.get_access_token(token)
|
||||
return access_token['access_secret']
|
||||
|
||||
def get_default_realms(self, client_key, request):
|
||||
|
@ -94,13 +95,13 @@ class OAuthValidator(provider_api.ProviderAPIMixin, oauth1.RequestValidator):
|
|||
|
||||
def validate_client_key(self, client_key, request):
|
||||
try:
|
||||
return self.oauth_api.get_consumer(client_key) is not None
|
||||
return PROVIDERS.oauth_api.get_consumer(client_key) is not None
|
||||
except exception.NotFound:
|
||||
return False
|
||||
|
||||
def validate_request_token(self, client_key, token, request):
|
||||
try:
|
||||
req_token = self.oauth_api.get_request_token(token)
|
||||
req_token = PROVIDERS.oauth_api.get_request_token(token)
|
||||
if req_token:
|
||||
return req_token['consumer_id'] == client_key
|
||||
else:
|
||||
|
@ -110,7 +111,7 @@ class OAuthValidator(provider_api.ProviderAPIMixin, oauth1.RequestValidator):
|
|||
|
||||
def validate_access_token(self, client_key, token, request):
|
||||
try:
|
||||
return self.oauth_api.get_access_token(token) is not None
|
||||
return PROVIDERS.oauth_api.get_access_token(token) is not None
|
||||
except exception.NotFound:
|
||||
return False
|
||||
|
||||
|
@ -141,7 +142,7 @@ class OAuthValidator(provider_api.ProviderAPIMixin, oauth1.RequestValidator):
|
|||
|
||||
def validate_verifier(self, client_key, token, verifier, request):
|
||||
try:
|
||||
req_token = self.oauth_api.get_request_token(token)
|
||||
req_token = PROVIDERS.oauth_api.get_request_token(token)
|
||||
return req_token['verifier'] == verifier
|
||||
except exception.NotFound:
|
||||
return False
|
||||
|
|
Loading…
Reference in New Issue